<html>
<head><meta charset="utf-8"><title>bumping dependencies · t-compiler · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/index.html">t-compiler</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html">bumping dependencies</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="174171233"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174171233" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174171233">(Aug 26 2019 at 19:48)</a>:</h4>
<p>So <a href="https://github.com/rust-lang/rust/pull/63806" target="_blank" title="https://github.com/rust-lang/rust/pull/63806">https://github.com/rust-lang/rust/pull/63806</a> bumps rand to 0.7 -- seems ok to me -- any reason not to r+ that anyone can think of? Should this be a "rollup"?</p>
<p>For this sort of PR (bumping the deps of some crate), I always feel a bit unsure how to handle it I admit.</p>



<a name="174172402"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174172402" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174172402">(Aug 26 2019 at 20:04)</a>:</h4>
<p>just had the same with my miri PR^^ I ended up changing miri so that I didnt have to bump rustc deps</p>



<a name="174172424"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174172424" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174172424">(Aug 26 2019 at 20:05)</a>:</h4>
<p>it seems people are fairly quick r+'ing them, but OTOH that's importing arbitrary 3rd party code into the compiler...</p>



<a name="174172664"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174172664" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174172664">(Aug 26 2019 at 20:08)</a>:</h4>
<blockquote>
<p>it seems people are fairly quick r+'ing them, but OTOH that's importing arbitrary 3rd party code into the compiler...</p>
</blockquote>
<p>yes, this</p>



<a name="174409234"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174409234" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> varkor <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174409234">(Aug 28 2019 at 23:11)</a>:</h4>
<p>when new dependencies are introduced, how well are they audited in the first place?<br>
unless there's a careful review procedure for each one, letting updates through seems no more harmful than the introduction</p>



<a name="174409291"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174409291" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> varkor <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174409291">(Aug 28 2019 at 23:12)</a>:</h4>
<p>maybe it happens more frequently, but the one time I did see a careful audit was when hashbrown was introduced — there, the entire crate was reviewed</p>



<a name="174409322"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174409322" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> varkor <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174409322">(Aug 28 2019 at 23:13)</a>:</h4>
<p>though reviewing updates might not be so bad, reviewing the entire crate the first time seems difficult</p>



<a name="174409336"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174409336" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> varkor <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174409336">(Aug 28 2019 at 23:13)</a>:</h4>
<p>(though that's not to say that we don't need to be more careful)</p>



<a name="174453959"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/bumping%20dependencies/near/174453959" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/bumping.20dependencies.html#174453959">(Aug 29 2019 at 13:33)</a>:</h4>
<p>the whole procedure deserves a bit of discussion, I think</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>